Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_xwhiBHZKUrWMSU6RF7R05WpY58.cer
File:                     _xwhiBHZKUrWMSU6RF7R05WpY58.cer (raw, json)
Hash identifier:          ZHCzC6r+aQ2xCZa0jR7h5bK2/E81fSKNK3YL9KHED0Y=
Subject key identifier:   FF:1C:21:88:11:D9:29:4A:D6:31:25:3A:44:5E:D1:D3:95:A9:63:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427486A1C02DD168B93DAD8BAEC2944C5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/_xwhiBHZKUrWMSU6RF7R05WpY58.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:50:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 207435
                          IP: 82.115.212.0/24
                          IP: 2a10:3a00::/29
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6a:1c:02:dd:16:8b:93:da:d8:ba:ec:29:44:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff1c218811d9294ad631253a445ed1d395a9639f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ff:3a:f9:c0:ca:05:c4:39:65:c6:57:b8:84:
                    84:45:b2:93:b1:bc:05:59:ae:57:40:d8:53:c5:db:
                    92:75:69:54:97:da:7b:91:dd:2c:a1:89:7e:e4:95:
                    35:ae:c7:31:09:3e:f8:cd:ec:62:e8:53:0a:0a:ec:
                    0a:fe:50:de:24:43:c2:aa:1f:00:67:1d:a8:00:ce:
                    87:6b:de:3c:06:7e:e0:39:b4:2d:c9:92:ca:dc:ed:
                    3e:0e:3e:94:6b:0f:66:48:d3:e5:6f:44:22:84:f7:
                    22:56:a8:62:ca:97:f4:83:f7:1d:64:92:4b:bf:2e:
                    2a:81:b8:5a:eb:4a:75:31:8a:56:e3:c3:29:0b:65:
                    ce:36:69:bf:1e:dc:fc:cd:80:6d:71:e8:7a:65:6d:
                    c4:5f:9e:e7:65:14:b2:71:0b:d3:7e:6f:13:1a:da:
                    91:9d:16:f9:bb:96:d5:e9:ce:60:ff:8e:d0:e6:d0:
                    24:7b:5b:b2:6a:d0:d6:1a:df:1e:3d:86:6a:32:12:
                    cc:ce:ff:b2:7d:9d:14:fc:ae:e3:03:0b:a5:17:1d:
                    09:52:7c:e1:9f:d1:4f:08:2f:6e:25:14:7d:1b:3c:
                    aa:d4:ab:2a:4e:fc:82:0e:ae:3c:2e:88:fc:47:cc:
                    36:20:73:7d:78:2e:2a:0a:30:f5:f2:fe:9f:cc:b0:
                    6e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1C:21:88:11:D9:29:4A:D6:31:25:3A:44:5E:D1:D3:95:A9:63:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2c6b14-7e87-49c7-a3b3-a0a60bb9cd9b/1/_xwhiBHZKUrWMSU6RF7R05WpY58.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.212.0/24
                IPv6:
                  2a10:3a00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207435

    Signature Algorithm: sha256WithRSAEncryption
         aa:51:59:15:84:be:ac:0e:20:52:cd:b6:0d:56:f9:d7:56:94:
         dc:5a:8e:96:95:5a:c8:43:e7:b1:0f:9f:31:0c:80:e3:3b:1a:
         67:6a:77:99:3e:9e:f9:b7:56:64:be:ae:3e:a1:52:1a:42:ec:
         43:07:ca:9d:d7:ac:44:29:55:92:a9:6b:bb:48:f0:bd:db:db:
         d9:c7:03:ee:e9:98:19:62:d2:c4:a2:3b:fc:17:b0:ed:ef:27:
         7a:d7:8e:0f:9a:9e:79:ec:b9:c7:f7:a1:a3:ee:5a:7a:36:75:
         26:55:8d:82:f2:5b:a2:9e:0a:c0:eb:e3:97:ae:e4:0d:92:3d:
         c6:bd:be:cb:83:8c:38:cd:50:78:c9:ed:4a:fc:fa:92:e5:a1:
         86:cb:b9:da:7a:02:f1:67:dc:22:a4:0e:bc:cc:20:fa:08:3f:
         3e:f3:e5:da:cc:01:3b:40:b2:54:14:06:9e:bb:5f:87:ff:ba:
         ae:37:77:ab:c7:38:2f:36:fb:c7:2b:ab:70:48:41:cc:55:aa:
         d4:53:e4:aa:ae:0c:2a:78:55:36:cc:4e:d3:41:e5:b2:19:cd:
         bd:fe:12:17:0d:56:5b:61:4b:18:41:3a:44:35:e5:92:41:d0:
         d2:2e:48:d1:23:48:05:f2:b7:32:f8:87:49:37:57:58:d7:e8:
         8d:b6:eb:c2
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZQnSGocAt0Wi5Pa2LrsKUTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFjMjE4ODExZDkyOTRhZDYzMTI1M2E0NDVlZDFkMzk1YTk2MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP86+cDKBcQ5ZcZXuISERbKTsbwF
Wa5XQNhTxduSdWlUl9p7kd0soYl+5JU1rscxCT74zexi6FMKCuwK/lDeJEPCqh8A
Zx2oAM6Ha948Bn7gObQtyZLK3O0+Dj6Uaw9mSNPlb0QihPciVqhiypf0g/cdZJJL
vy4qgbha60p1MYpW48MpC2XONmm/Htz8zYBtceh6ZW3EX57nZRSycQvTfm8TGtqR
nRb5u5bV6c5g/47Q5tAke1uyatDWGt8ePYZqMhLMzv+yfZ0U/K7jAwulFx0JUnzh
n9FPCC9uJRR9Gzyq1KsqTvyCDq48Loj8R8w2IHN9eC4qCjD18v6fzLBu4wIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFP8cIYgR2SlK1jElOkRe0dOVqWOfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2LzJjNmIx
NC03ZTg3LTQ5YzctYTNiMy1hMGE2MGJiOWNkOWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvMmM2YjE0
LTdlODctNDljNy1hM2IzLWEwYTYwYmI5Y2Q5Yi8xL194d2hpQkhaS1VyV01TVTZS
RjdSMDVXcFk1OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAUnPUMA0EAgACMAcDBQMqEDoAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMqSzANBgkqhkiG9w0BAQsFAAOCAQEAqlFZFYS+rA4g
Us22DVb511aU3FqOlpVayEPnsQ+fMQyA4zsaZ2p3mT6e+bdWZL6uPqFSGkLsQwfK
ndesRClVkqlru0jwvdvb2ccD7umYGWLSxKI7/Bew7e8neteOD5qeeey5x/eho+5a
ejZ1JlWNgvJbop4KwOvjl67kDZI9xr2+y4OMOM1QeMntSvz6kuWhhsu52noC8Wfc
IqQOvMwg+gg/PvPl2swBO0CyVBQGnrtfh/+6rjd3q8c4Lzb7xyurcEhBzFWq1FPk
qq4MKnhVNsxO00HlshnNvf4SFw1WW2FLGEE6RDXlkkHQ0i5I0SNIBfK3MviHSTdX
WNfojbbrwg==
-----END CERTIFICATE-----